The fallout from the data breach involving confidential data stolen from the TJX Companies continues. In Massachusetts, legislation has recently been introduced to shift the cost of a data breach onto retailers who do not follow security standards designed to prevent identity theft. Banks and credit cards currently protect consumers against fraudulent credit card use. However, according to the proposed legislation, should a retailer fail to properly secure data and thieves steal customer account information as a result, the merchant would bear responsibility for the associated costs.
What do you think about this proposed legislation? If a merchant were held accountable for failing to properly secure data, do you think merchants would take data security seriously? Shareholders would probably demand that companies invest in and properly secure confidential data networks. If you believe companies and agencies take data protection seriously, think again. Too many companies and government agencies have had confidential data compromised for me to believe that data protection has been a priority in our nation. Perhaps legislation and corporate accountability can give companies and agencies proper incentive to protect our personal information.